ldap_set_option failed. Can't contact LDAP server
I'm trying to set up apache 2.4 to authenticate with an LDAP server on another box, and have run into a wall trying to solve this problem. All thoughts/ideas appreciated.
I can telnet to the ldap server port from the apache host, I can do an ldapsearch from the apache host to the ldap server and connect fine, but via apache I stubbornly get Can't contact LDAP server. I have provided the apache logs and the output from the ldapsearch; you can see the ldap_create and where it goes south in apache after that.
I'm using 64-bit Red Hat, apache 2.4.12, and I've listed the versions of apr, apr-util, openssl, and openldap that I built apache with at the bottom, as well as the configure options.
Any ideas?
Thanks.
Jeff
/*--------------------------------------------------------------------------*/
/* Apache logs */
/*--------------------------------------------------------------------------*/
[Tue Jul 28 17:19:07.646029 2015] [authnz_ldap:debug] [pid 14721:tid 140144313104128] mod_authnz_ldap.c(516): [client 129.39.1.124:40667] AH01691: auth_ldap authenticate: using URL ldaps://ldap.xxx.com:1636/dc=xxx,dc=xxx,dc=com?uid?sub
ldap_create
ldap_err2string
ldap_err2string
[Tue Jul 28 17:19:07.646268 2015] [authnz_ldap:info] [pid 14721:tid 140144313104128] [client 129.39.1.124:40667] AH01695: auth_ldap authenticate: user jpfost authentication failed; URI xxx.cgi [LDAP: ldap_set_option failed. Could not set LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD][Can't contact LDAP server]
/*--------------------------------------------------------------------------*/
/* ldapsearch */
/*--------------------------------------------------------------------------*/
myhost:/data/apache2/logs => ldapsearch -d1 -h ldap.xxx.com -p 1636
ldap_create
ldap_url_parse_ext(ldap://ldap.xxx.com:1636)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.xxx.com:1636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying xxx.xxx.xxx.xxx:1636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
/*--------------------------------------------------------------------------*/
/* configure options for apache 2.4.12 */
/*--------------------------------------------------------------------------*/
./configure --with-crypto --enable-modules=most --enable-cgi --enable-ldap --enable-ldap-authnz --enable-rewrite --enable-ssl --prefix=/data/apache2 --with-pcre=/data/pcre --with-apr=/data/apr --with-apr-util=/data/apr-util/ --with-ssl=/data/openssl-1.0.2c --with-ldap=/data/openldap-2.4.41
/*--------------------------------------------------------------------------*/
/* Redhat version. */
/*--------------------------------------------------------------------------*/
myhost:/etc => cat redhat-release
Red Hat Enterprise Linux Server release 6.6 (Santiago)
/*--------------------------------------------------------------------------*/
/* versions of apr, apr-util, openssl, and openldap used for compiles. */
/*--------------------------------------------------------------------------*/
httpd-2.4.12.tar
apr-1.5.2.tar
apr-util-1.5.4.tar
openssl-1.0.2c.tar
pcre-8.36.tar
openldap-2.4.41.tar